Flawed encryption in Apple’s iMessage

Security researchers at John Hopkins University claim they have discovered a bug in Apple’s iMessageencryption in the upcoming iOS 9.3 software. The research team has found a serious security breach as the bug can let users see photo, videos and documents sent using iMessage.

Apple has previously shown how important it is for the tech giant company to secure its users’ privacy and security of encryption on their iPhones. Now, an iMessage security flaw allowed researchers at John Hopkins University to crack the code and get access to the data.

Researchers had the opportunity to intercept the transmissions from iMessage and target a data packet containing a link to the Apple iCloud server. Credit: Pop Sugar

Computer science professor Matthew D. Green led the team of researchers who exposed the security hole in Apple’s encryption code, and immediately reported the problem to Apple. As months went by and professor Green saw the flaw was still there, Green, along with his graduate students set to break the encryption code of the secured data over Apple’s iMessage feature.

The cracking of the code was a success as the team of researchers was able to write software that imitated an Apple server. This made possible for them to hijack the encrypted transmission of the targeted phone, so it seems Apple security is not as bulletproof as it claims to be.

Researchers had the opportunity to intercept the transmissions from iMessage and target a data packet containing a link to the Apple iCloud server, which allowed them to retrieve the data in a matter of minutes. Files have been using a weak encryption method with a 64-bit encryption key, noted professor Matthew Green, led researcher for the experiment.

At the moment, Apple should be thanking Green for exposing the security holes in the company’s encrypted information, as this served as a lesson to step up its encryption security measures. According to Apple, the bug was fixed on fall of 2015 when the iOS 9 was released, and said it will address the encryption issue through security improvements in the upcoming release of the iOS 9.3 this week.

Apple’s ongoing battle with the FBI

A federal magistrate judge ruled the tech company to help the FBI break into the locked iPhone 5C involved in the investigation of the San Bernardino shooting about a month ago. However, the company took a standing that would compromise the company’s reputation and customers’ privacy as well.

The latest opinion for the legal battle between the tech giant and a federal agency comes from no other than NSA whistleblower Edward Snowden. Apparently, Snowden appears to think the FBI doesn’t want to really get the information, as he claims the idea only Apple can bypass the security of an iPhone is a sham. He even used a severe language to express that statements saying that the iPhone security system can’t be hacked into is a deceit.

The court order stated that Apple had to create a custom version of the iOS for an iPhone 5C used by Syed Farook, one of the responsible attackers for the San Bernardino shooting.

However, Apple’s CEO Tim Cook rejected the FBI’s demand on previous occasions stating that the order would compromise the users privacy and personal information. In the end, however, the tech giant company had to concede to the court order demanding Apple to help the FBI crack the iPhone of one of the assailants.